<?php
/**
 * UserIdentity represents the data needed to identity a user.
 * It contains the authentication method that checks if the provided
 * data can identity the user.
 */
class M_User
{
    private $id;
    private $salt;
    public $panoramio_id;
    public $flickr_id;
    public $username;
    public $password;
    public $status;

    private $ERROR_NONE = 0;
    private $ERROR_USERNAME_INVALID = 1;
    private $ERROR_PASSWORD_INVALID = 2;
    private $errorCode = 0;
    
    /**
     * Constructor.
     * @param string $username username
     * @param string $password password
     */
    public function __construct($username,$password)
    {
            $this->username=$username;
            $this->password=$password;
    }
    
    public function authenticate()
    {
        $query = sprintf("SELECT id, panoramio_id, flickr_id, username, password, salt, status FROM tbl_user WHERE username='%s'", mysql_real_escape_string($this->username));
        $result = mysql_query($query);
        if (!$result) {
            $message  = 'Invalid query: ' . mysql_error() . "\n";
            $message .= 'Whole query: ' . $query;
            die($message);
        }
        $user = mysql_fetch_array($result);
        $rowCount = mysql_num_rows($result);
        if($rowCount == 0) return $this->errorCode=$this->ERROR_USERNAME_INVALID;
        else{
            $this->salt = $user['salt'];
            if(!$this->validatePassword($this->password, $user['password'])) return $this->errorCode=$this->ERROR_PASSWORD_INVALID;
            else{
                $this->id=$user['id'];
                $this->panoramio_id=$user['panoramio_id'];
                $this->flickr_id=$user['flickr_id'];
                $this->username=$user['username'];
                $this->status = $user['status'];
                $_SESSION['user_id'] = $this->id;
                $_SESSION['user_panoramio_id'] = $this->panoramio_id;
                $_SESSION['user_flickr_id'] = $this->flickr_id;
                $_SESSION['user_username'] = $this->username;
                $_SESSION['user_status'] = $this->status;
                return $this->errorCode=$this->ERROR_NONE;
            }
        }
        return $this->errorCode=$this->ERROR_NONE;
    }
    
    /**
     * Checks if the given password is correct.
     * @param string the password to be validated
     * @return boolean whether the password is valid
     */
    public function validatePassword($password_input, $password_db)
    {
        return $this->hashPassword($this->salt, $password_input)===$password_db;
    }

    /**
     * Generates the password hash.
     * @param string password
     * @param string salt
     * @return string hash
     */
    public function hashPassword($salt, $password)
    {
            return md5($salt.$password);
    }

    /**
     * Generates a salt that can be used to generate a password hash.
     * @return string the salt
     */
    protected function generateSalt()
    {
            return uniqid('',true);
    }
}
?>
